Squid: denial of service in http digest authentication
CVE-2023-46847

8.6HIGH

Key Information:

Status
Red Hat Enterprise Linux 6 Extended Lifecycle Support
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 7.6 Advanced Update Support(disable Again In 2026 - Sprhel-7118)
Vendor
CVE Published:
3 November 2023

What is CVE-2023-46847?

Squid is affected by a vulnerability that enables remote attackers to exploit a Denial of Service condition through a buffer overflow. When configured to accept HTTP Digest Authentication, the software can be manipulated to write up to 2 MB of arbitrary data to heap memory, potentially crashing the service or consuming resources, leading to degraded performance or downtime.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/errata/RHSA-2023:6266
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:6267
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:6268
vendor-advisoryx_refsource_REDHAT

EPSS Score

44% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.